@Oskar Schöldström
I am quite sure that the session_id is what is stored in a cookie. If more parameters than the session id was required, i would guess you could just sniff them out of the HTTP header as well.

The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here's how it works: Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn't require a password before you can connect to it. Install Firefox and the Firesheep add-in. W...